Mobile ads can hijack your phone and steal your contacts

Updated on: 2012-07-10 || Source: cnn.com

Those pesky pop-up ads from the '90s are back, but this time they're holding your smartphone hostage.

Tens
of thousands of smartphone apps are running ads from rogue advertising
networks that change smartphone settings and take contact information
without permission, according to a new study released Monday.

Aggressive ad networks can disguise ads as text message notifications
or app icons, and sometimes change browser settings and bookmarks.
Often, the ads will upload your contacts list to the ad network's
servers -- information the ad network can then sell to marketers

Sounds
scary? It's not a giant problem yet, but it's a growing one. As many as
5% of free mobile apps use an "aggressive" ad network to make money,
according to Lookout, a San Francisco-based mobile security company.

With
millions of mobile apps in stores, that small sliver adds up to a big
number. The study found that 19,200 of the 384,000 apps it tested used
malicious ad networks. Those apps have been downloaded a whopping 80
million times.

PhoneLiving is the most prevalent app developer to use these kinds of ad networks -- their dozens of talking animal apps have been downloaded 10 million times, according to Lookout. PhoneLiving could not be reached for comment, as its website -- aside from its homepage -- returns nothing but error messages.

The
most popular type of apps that use aggressive ad networks are
"personalization" apps, which include wallpapers. Comic, arcade and
entertainment apps are also among the most likely to have rogue ad
networks running behind the scenes.

Like aggressive pop-ups on
PCs, the bad software isn't easy to shed. Though the damage can
typically be reversed by deleting the app, it can be hard to pinpoint
which app is causing the problems.

"Sometimes you download 10 apps
at a time, so you don't know which is responsible," said Kevin
Mahaffey, Lookout's CTO. "It's not unlike adware in the early PC days."

When
developers create free mobile apps, they usually make money through ads
displayed within the app. That free version of Angry Birds didn't cost
you anything because of the pop-up ad that appears right as you're
catapulting the red bird at its target.

The vast majority of ads run on well-known ad networks like Jumptap, Apple's (AAPL, Fortune 500) iAd and Google's (GOOG, Fortune 500)
AdMob. They collect some information about their users, but they don't
go to the extremes of uploading contact lists and changing settings.

The appeal of the ad networks that Lookout gently calls "aggressive" is that they generate more revenue for app developers.

Lookout
has criticized Airpush in the past for being overly aggressive with its
marketing techniques, but it remains the second-biggest ad network for
Android devices. Airpush does give users the option of opting out of its
push notification ads.

Airpush representatives did not respond to a request for comment.

App
makers don't usually disclose what ad network they're using, which
makes it hard to avoid the known offenders. The best defense is to read
reviews and avoid downloading apps that have attracted a trail of
complaints.